Automation is one of the keys to consistent and meaningful AppSec adoption in an evolving world. Many organizations have taken the first step in integrating their development and operations teams to drive more efficient delivery of applications and innovation to the market. They have come a long way by aligning around the shared goal of […]
Posted in Agile, CI/CD & DevOps, Featured, Maturity Model (BSIMM)
Automation in the cloud can help you build faster and deliver continuously, but it can also make managing security a challenge. By integrating Black Duck by Synopsys with the development tools you use in Amazon Web Services, you can scan images in your container registry, automate build scans in your CI pipeline, and stay notified […]
Posted in Agile, CI/CD & DevOps, Cloud Security, Webinar
Static application security testing (SAST) is the process of examining source code for security defects. SAST is one of many checks in an application security assurance program designed to find and fix security vulnerabilities early in the DevOps process. Integrating SAST into DevOps is critical to building a sustainable program. And automating your SAST tools […]
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST), Webinar
Development and operations teams have already come a long way by aligning around the shared goal of delivering stable, high-quality software quickly. They’ve automated manual processes and built tools into continuous integration and continuous delivery (CI/CD) pipelines. In doing so, they’ve increased trust between groups, which is essential as these once-disparate teams tackle critical issues […]
Posted in Agile, CI/CD & DevOps, Security Training, Webinar
Two powerful yet relatively new technologies in application security testing are interactive application security testing (IAST) and software composition analysis (SCA). IAST solutions are designed to help organizations identify and manage security risks associated with vulnerabilities discovered in running web applications using dynamic testing (a.k.a. runtime testing) techniques. SCA, a term coined by market analysts, […]
Posted in Agile, CI/CD & DevOps, Interactive Application Security Testing (IAST), Software Composition Analysis
This is the third post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in previous posts, developers are more likely to use SAST tools to improve application security when they integrate seamlessly into existing development workflows. While integration into […]
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)
This is the second post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in the previous blog post, static analysis is more likely to have a significant impact on application security when it supports the goals of developers, rather […]
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)
A little background on DO-178 We live with software failure every day—from cell phones and laptops that crash or hang to headline-grabbing stories of personal data breaches. Software has been used in safety-critical airborne applications for decades, but fatalities caused by software are unheard of in civil aviation. Why this difference? The reason is the […]
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST), Weekly Security Mashup
In a recent webinar that I co-presented with Jay Lyman, principal cloud management and container analyst at 451 Research, we had the opportunity to discuss the realities and opportunities that exist in DevSecOps. Real security challenges In the Q&A portion of the webinar, attendees posed questions about how to solve the problem of building security […]
Posted in Agile, CI/CD & DevOps
The timeless demand to reduce time to market has put DevOps in a position to solidify itself as a defining characteristic of modern SDLCs. While the need to accelerate software development is as old as software development is, the need to produce secure software is currently gaining traction in light of recent software security blunders. […]
Posted in Agile, CI/CD & DevOps
Get the latest Software Integrity news, thought leadership, and more.
